Skip to main content
CVE-2020-28857 MEDIUM POC This Month

OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Digital Asset Management
NVD VulDB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-29304 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Directories Pro
NVD
CVSS 3.1
6.1
EPSS
5.5%
CVE-2020-29303 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF PHP Directories Pro
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-28861 MEDIUM POC This Month

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Digital Asset Management
NVD VulDB
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-0465 MEDIUM PATCH This Month

In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-5637 MEDIUM This Month

Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aterm Sa3500G Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-5636 MEDIUM This Month

Aterm SA3500G firmware versions prior to Ver. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Aterm Sa3500G Firmware
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2020-15733 MEDIUM This Month

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Antivirus Plus
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-17511 MEDIUM PATCH This Month

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Airflow
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-28859 MEDIUM This Month

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Asset Management
NVD VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-29511 MEDIUM This Month

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Go Trident
NVD GitHub
CVSS 3.1
5.6
EPSS
1.9%
CVE-2020-29510 MEDIUM This Month

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Go Trident
NVD GitHub
CVSS 3.1
5.6
EPSS
2.0%
CVE-2020-29509 MEDIUM PATCH This Month

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Go Trident
NVD GitHub
CVSS 3.1
5.6
EPSS
2.1%
CVE-2020-0019 MEDIUM This Month

In the Broadcom Nexus firmware, there is an insecure default password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Broadcom Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0470 MEDIUM PATCH This Month

In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Google Memory Corruption Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-0469 MEDIUM PATCH This Month

In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0468 MEDIUM PATCH This Month

In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-0467 MEDIUM PATCH This Month

In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-0464 MEDIUM PATCH This Month

In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-25233 MEDIUM This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-25231 MEDIUM This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Logo 8 Bm Firmware Logo Soft Comfort
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-35460 MEDIUM PATCH This Month

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Mpxj Primavera Unifier
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-17513 MEDIUM PATCH This Month

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Python Airflow
NVD
CVSS 3.1
5.3
EPSS
4.3%
CVE-2020-35236 MEDIUM PATCH This Month

The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitlab Information Disclosure Lagoon
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy